# Revision history [back]

### The rules of my security group default not work in the Havana Openstack

Good afternoon everybody, How are you? I hope you are fine.

I'm new in the new openstack world. My first step was install the Openstack on the computers with ubuntu following the tutorial found in the http://docs.openstack.org/havana/install-guide/install/apt/content/. Also I use the openvswitch.

After verify if the services are actives and enable, I created one external network, a networks with subnet, both of them connected a one router, further I set the gateway to the router on the external network (following the example in the docs.openstack). By the other hand, I launch one VM and associate a flooting IP the external network, further verify the connectivity between the router, the VM and the DHCP, all of them work well. After I try to ping the floating IP from the other computer, external the testbed, and that my surprise that i can ping. I supposed that not possible because don't exists rules about this traffic. Thus I verified the security groups rules and found the group Default with 4 rules that allowing access the traffic IPv4 and IPv6 (eggress and ingress). I guessed this rules are responsible for ensure the connectivity between openstack and VMs. But anyway delete this rules and try the ping again from the external PC and the ping work again.

The configuration about nova.conf, nova-compute conf and neutron_plugin_ovs are:

nova.conf:

[DEFAULT] dhcpbridge_flagfile=/etc/nova/nova.conf dhcpbridge=/usr/bin/nova-dhcpbridge logdir=/var/log/nova state_path=/var/lib/nova lock_path=/var/lock/nova force_dhcp_release=True iscsi_helper=tgtadm libvirt_use_virtio_for_bridges=True connection_type=libvirt root_helper=sudo nova-rootwrap /etc/nova/rootwrap.conf verbose=True ec2_private_dns_show_ip=True api_paste_config=/etc/nova/api-paste.ini volumes_path=/var/lib/nova/volumes enabled_apis=ec2,osapi_compute,metadata

# Network Settings

nova-compute.conf

[DEFAULT] libvirt_type=kvm compute_driver=libvirt.LibvirtDriver

ovs_neutron plugin:

[securitygroup]

# Example:

firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

Thanks an advance. Sorry for bother you.

Best Regards, Rafael.

 2 No.2 Revision laboshinl 410 ●9 ●17 ●25 http://laboshinl.blog....

### The rules of my security group default not work in the Havana Openstack

Good afternoon everybody, How are you? I hope you are fine.

I'm new in the new openstack world. My first step was install the Openstack on the computers with ubuntu following the tutorial found in the http://docs.openstack.org/havana/install-guide/install/apt/content/. Also I use the openvswitch.

After verify if the services are actives and enable, I created one external network, a networks with subnet, both of them connected a one router, further I set the gateway to the router on the external network (following the example in the docs.openstack). By the other hand, I launch one VM and associate a flooting IP the external network, further verify the connectivity between the router, the VM and the DHCP, all of them work well. After I try to ping the floating IP from the other computer, external the testbed, and that my surprise that i can ping. I supposed that not possible because don't exists rules about this traffic. Thus I verified the security groups rules and found the group Default with 4 rules that allowing access the traffic IPv4 and IPv6 (eggress and ingress). I guessed this rules are responsible for ensure the connectivity between openstack and VMs. But anyway delete this rules and try the ping again from the external PC and the ping work again.

The configuration about nova.conf, nova-compute conf and neutron_plugin_ovs are:

nova.conf:

[DEFAULT]
dhcpbridge_flagfile=/etc/nova/nova.conf
dhcpbridge=/usr/bin/nova-dhcpbridge
logdir=/var/log/nova
state_path=/var/lib/nova
lock_path=/var/lock/nova
force_dhcp_release=True
libvirt_use_virtio_for_bridges=True
connection_type=libvirt
root_helper=sudo nova-rootwrap /etc/nova/rootwrap.conf
verbose=True
ec2_private_dns_show_ip=True
api_paste_config=/etc/nova/api-paste.ini
volumes_path=/var/lib/nova/volumes

#Network Settings

network_api_class=nova.network.neutronv2.api.API
neutron_url=http://controller:9696
neutron_auth_strategy=keystone
libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver
linuxnet_interface_driver=nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
security_group_api=neutronsecurity_group_api=neutron


nova-compute.conf

[DEFAULT]
libvirt_type=kvm
compute_driver=libvirt.LibvirtDrivercompute_driver=libvirt.LibvirtDriver


ovs_neutron plugin:

[securitygroup]

# [securitygroup] # Firewall driver for realizing neutron security group function.

 function. # firewall_driver = neutron.agent.firewall.NoopFirewallDriver Example: neutron.agent.firewall.NoopFirewallDriver # Example: firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver 

Thanks an advance. Sorry for bother you.

Best Regards, Rafael.

 3 No.3 Revision darragh-oreilly 2230 ●8 ●23 ●41

### The rules of my Default Neutron security group default not work in the Havana Openstackis ineffective

Good afternoon everybody, How are you? I hope you are fine.

I'm new in the new openstack world. My first step was install the Openstack on the computers with ubuntu following the tutorial found in the http://docs.openstack.org/havana/install-guide/install/apt/content/. Also I use the openvswitch.

After verify if the services are actives and enable, I created one external network, a networks with subnet, both of them connected a one router, further I set the gateway to the router on the external network (following the example in the docs.openstack). By the other hand, I launch one VM and associate a flooting IP the external network, further verify the connectivity between the router, the VM and the DHCP, all of them work well. After I try to ping the floating IP from the other computer, external the testbed, and that my surprise that i can ping. I supposed that not possible because don't exists rules about this traffic. Thus I verified the security groups rules and found the group Default with 4 rules that allowing access the traffic IPv4 and IPv6 (eggress and ingress). I guessed this rules are responsible for ensure the connectivity between openstack and VMs. But anyway delete this rules and try the ping again from the external PC and the ping work again.

The configuration about nova.conf, nova-compute conf and neutron_plugin_ovs are:

nova.conf:

[DEFAULT]
dhcpbridge_flagfile=/etc/nova/nova.conf
dhcpbridge=/usr/bin/nova-dhcpbridge
logdir=/var/log/nova
state_path=/var/lib/nova
lock_path=/var/lock/nova
force_dhcp_release=True
libvirt_use_virtio_for_bridges=True
connection_type=libvirt
root_helper=sudo nova-rootwrap /etc/nova/rootwrap.conf
verbose=True
ec2_private_dns_show_ip=True
api_paste_config=/etc/nova/api-paste.ini
volumes_path=/var/lib/nova/volumes

#Network Settings

network_api_class=nova.network.neutronv2.api.API
neutron_url=http://controller:9696
neutron_auth_strategy=keystone
libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver
linuxnet_interface_driver=nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
security_group_api=neutron


nova-compute.conf

[DEFAULT]
libvirt_type=kvm
compute_driver=libvirt.LibvirtDriver


ovs_neutron plugin:

[securitygroup]
# Firewall driver for realizing neutron security group function.
# firewall_driver = neutron.agent.firewall.NoopFirewallDriver
# Example:
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver


Thanks an advance. Sorry for bother you.

Best Regards, Rafael.